Security Leftovers
-
CVE-2021-4034 – Ariadne's Space
Before we get into this, I have seen a lot of people on Twitter blaming systemd for this vulnerability. It should be clarified that systemd has basically nothing to do with polkit, and has nothing at all to do with this vulnerability; systemd and polkit are separate projects largely maintained by different people.
We should try to be empathetic toward software maintainers, including those from systemd and polkit, so writing inflammatory posts blaming systemd or its maintainers for polkit does not really help to fix the problems that made this a useful security vulnerability.
-
Windows ransomware LockBit makes the jump to Linux [Ed: Pro-Windows site. Misses the point that over 90% of ransomware is a Windows problem.]
First, they came for Windows. Then, for Tux. As cool as Linux is, it's increasingly becoming a target for ransomware-friendly cyber criminals intent on ruining people's days.
-
These critical security bugs put Linux servers at risk of attack [Ed: Attack from the inside maybe; you need to actually have an account on such machines to begin with... compare to Windows with remotely-exploitable full compromise bugs/back doors]
-
Patch Now: A newly discovered critical Linux vulnerability probably affects your systems
-
IoT security certification group gains steam [Ed: Another fake security consortium? Their shoddy products might be best off avoided altogether, as there's rarely a practical need for such gimmicks.]
The ioXT Alliance, which offers a certification program for IoT security, announced it has certified 195 products and grown to 580 members. Meanwhile, Timesys is seeking participants for a survey on IoT security.
DARKReading
Experts Urge Firms to Patch Trivial-to-Exploit Flaw in Linux PolicyKit
Original
PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034)
This Week In Security
This Week In Security: Geopolitical Hacktivism, Antivirus Mining, And Linux Malware | Hackaday
A couple more on polkit
PwnKit: detect privilege escalation with CrowdSec - The open-source & collaborative IPS
What Is the PwnKit Vulnerability Affecting Linux Distributions?
BankInfoSecurity
Flaw in Polkit's pkexec Puts Linux Users at Risk
Qualys
PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit's pkexec (CVE-2021-4034) | MarketScreener
Linux distros haunted by Polkit-geist for 12+ years
Linux distros haunted by Polkit-geist for 12+ years: Bug grants root access to any user
12-year-old Linux root privilege flaw has been "hiding in plain sight"
Pwnkit is an easy-to-exploit vulnerability affecting all Linux
Pwnkit is an easy-to-exploit vulnerability affecting all Linux distros
Linux Vulnerability Discovered Impacting All Major Distros